Cybersecurity GRC Specialist

This role mitigates cybersecurity risks arising from digital transformation, working within the Strategy Governance cluster to support CISO/CSO/ICT managers and senior leadership in developing and implementing security governance, risk management, and compliance programs.

Responsibilities

Guide complex projects on cybersecurity strategy, governance and risk management, ensuring delivery quality, stakeholder coordination, and adherence to time, budget, and objectives.

Support enterprise clients in defining multi-year cyber strategies, operational models, ICT and cybersecurity development plans, and remediation programs based on risk, business priority, and regulatory requirements.

Analyze national and European regulations, including NIS2, DORA, Cyber Resilience Act, National Cybersecurity Security Perimeter, Cloud Regulation, ACN measures and sector-specific requirements, translating them into ICT, cybersecurity, governance, and control obligations.

Design and implement cyber risk management frameworks covering risk assessment methodologies, scenario planning, KPIs/KRIs, control assurance, maturity metrics, and executive reporting.

Support implementation, maintenance and improvement of information security and business continuity management systems, specifically ISO/IEC 27001, 27017, 27018, 22301 and frameworks such as NIST CSF 2.0, SP 800, CIS Controls, COBIT, ITIL.

Conduct risk assessment, maturity assessment and gap analysis against regulations, standards and reference frameworks, identifying exposures, intervention priorities, and sustainable mitigation plans.

Assist in designing third-party and supply-chain risk management models, focusing on critical vendors, cloud providers, ICT outsourcing, managed services, technology supply chains and contractual security requirements.
Contribute to assurance, audit readiness and certification programs, guiding clients through certifications such as ISO 27001, 22301, SOC 1/2, CSA STAR, TISAX, HDS and other applicable frameworks.

Develop processes, policies, procedures, guidelines and internal standards that capture regulatory, contractual, technological and organizational requirements related to cybersecurity, continuity, incident management and ICT governance.

Create executive memos, dashboards, board-level reports and decision-making materials for CISO, CIO, CSO, risk committee, and top management, summarizing trade-offs, strategic options, impacts, dependencies, residual risks and investment priorities.

Qualifications and Characteristics

Minimum 3 years' experience in consulting firms on cybersecurity compliance and security risk management projects.

Experience implementing national and international regulatory compliance in cybersecurity domains (e.g., NIS2, National Cybersecurity Perimeter, Cloud Regulation, DORA).

Competence in adopting and applying international cybersecurity frameworks, best practices and standards (ISO/IEC 27001, 22301, CSA STAR, NIST CSF, SP 800, etc.).

Prior implementation experience of management systems such as ISO 27001, 22301, 20000‑1, SOC 1/2, CSA STAR Level 2.

Experience drafting policies and/or procedures.

Ability to produce managerial reporting and executive summaries.

Knowledge of key cybersecurity technologies.

Excellent command of English, written and spoken.

International experience or ability to work in multicultural, multi-country, multi-stakeholder environments, engaging with C‑level and top management.

Ability to contribute to commercial proposals, technical offers, client presentations, business development and methodological asset creation.

Bachelor's or advanced STEM degree or higher education (e.g., master's or specialized university courses in data protection and cybersecurity).
Plus

Security certification: ISO 27001 Lead Auditor / Lead Implementer, ISO 22301 Lead Auditor / Lead Implementer, CSA STAR Auditor, CompTIA Security+, CISSP, CISA, CRISC, ITIL or equivalents.

Previous experience in regulated sectors or critical infrastructure (energy, telecommunications, transport, public administration, defense, cloud provider or essential digital services).

Benefits

Focus on the individual – you are never just a number.

Team collaboration to address vulnerabilities.

Continuous training program with industry-leading certifications (CISSP, CISM, CISA, ISO 27001, etc.).

Health insurance, preventive check-ups, wellness platforms and integrated welfare plan.

Meal vouchers and additional benefits.